Installer Hijacking Vulnerability in Android Devices

Last Revised

A vulnerability in Google's Android OS has been discovered that could allow an attacker to change or replace a seemingly safe Android application with malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised devices without user knowledge. Devices running Android version 4.4 or later are not vulnerable.

US-CERT advises users to ensure their devices are running an up-to-date version of Android and to use caution when installing software from third-party app stores. 

This product is provided subject to this Notification and this Privacy & Use policy.